analysis and management of risk related to...

http://www.iaeme.com/IJM/index.asp 20 [email protected]

International Journal of Management (IJM)

Volume 10, Issue 6, November-December 2019, pp. 20–32, Article ID: IJM_10_06_003

Available online at http://www.iaeme.com/ijm/issues.asp?JType=IJM&VType=10&IType=6

Journal Impact Factor (2019): 9.6780 (Calculated by GISI) www.jifactor.com

ISSN Print: 0976-6502 and ISSN Online: 0976-6510

© IAEME Publication

ANALYSIS AND MANAGEMENT OF RISK

RELATED TO USING CLOUD COMPUTING IN

BUSINESS: EMPLOYEE’S PERCEPTION

Prof. Sultan Abdulrahman Tarawneh

Prof. of Project Construction Management, Department of Civil and Environmental

Engineering, Mutah University. Karak, Jordan

Alaa Alaa Abdulrahman

Master’s Degree of Engineering Project Management,

The University of Jordan, Amman, Jordan.

ABSTRACT

With the recent advancement of the technology and its application to our daily

business and social life; precisely the cloud computing system, however it has a risks

that might lead to hesitation and lose of enthusiasm of using it. The main objective of

this research is to find the risk factors, which may affect the business performance of

the companies that use “Cloud Computing”, and understand the consequences and its

managements. To the best of my knowledge, this is the first study in Iraq on risk analysis

and managements in cloud computing. The objectives achieved by distributing a

questionnaire to 30 private companies in Iraq which are using cloud computing to risk

managements by interviewed the employees who were responsible on managing “Cloud

Computing” in their companies. That leads to recognize the potentials risk, and how

much impact we might make to take the right decision in order to manage the risk to

help using “Cloud Computing” without fears.

Keywords: Cloud computing, risk analysis, Risk management

Cite this Article: Sultan Abdulrahman Tarawneh and Alaa Alaa Abdulrahman,

Analysis and Management of Risk Related to Using Cloud Computing in Business:

Employee’s Perception, International Journal of Management, 10 (6), 2019,

pp. 20–32.

http://www.iaeme.com/IJM/issues.asp?JType=IJM&VType=10&IType=6

1. INTRODUCTION

The “Cloud” is an expression, which was initially used to refer to the Internet in network

schemas. It has been defined as an initial sketch of the Cloud, which is used to represent data

transfer from data centers to its final position on the other side of the Cloud. The idea of the

programs flashed when “John McCarthy”, a professor at Stanford University, expressed the

idea, which said: "Computing might be organized to become one day a public service." Time

Sharing Could will be the future in which energy is sold and even the private applications as a

http://graduatedstudies.ju.edu.jo/Lists/OurPrograms/Disp_Program.aspx?ID=108&Dept=

Sultan Abdulrahman Tarawneh and Alaa Alaa Abdulrahman


service through the business model. Indeed, that notion was very popular in the late 1960s by

“Douglas Parkhill” in his book, “The Challenge of the Computer Utility”, but it was disappeared

in the mid-1970s when it has become clear that, the modern technology in the field of the

information technology could not sustain this model of future computing, but this idea has

recently returned to become a common term in the technological circles, and institutions in our

time [1].

The concept of the Cloud Computing has revolutionized the ideas and applications of IT

services, especially with regards to the infrastructure solutions which enterprises rely on to

facilitate their operations, and found many large and small enterprises involved in this new

system [2].

So, it is very important to know how the Cloud Computing is processing, and how to control

the transferred data in cloud securely.

Almorsy, et al. had defined the Cloud Computing as “a new mathematical model, which

provides an innovative business model for organizations to adopt the information technology

without a prior investment" [3].

The most widely used definition of the Cloud Computing model has introduced by NIST as

“A model which provides access to a convenient network on demand to a common set of a

configurable computing resources (such as networks, servers, storage, applications, and

services) that can be quickly delivered and launched with minimal administrative effort, or

service provider interaction” [4].

While other had defined the Cloud Computing as a new way to provide any users access

data, and use any data in the Cloud, it just needs an access with an internet [2].

Foster, et al.[5] had based a study that the Cloud Computing defined as a type of a dispenser

computing, which get more benefits, such as economics scale in providing a range of virtual,

dynamic, and scalable computing power and extensible storage, when the customer using it via

an internet.

According to Kleinrock The Cloud Computing has been defined by an organization to be

someday as a public utility like the telephone system, in the coming days the computer can be

a new and an important tool in the industry [6].

All over the previous definitions, the Cloud Computing should have an environment

characterized by the service basis, scalable and elastic, shared, metered by use especially in

public Cloud, and delivered by the Internet. Regardless to the slight differences in the

definitions of the Cloud Computing by researchers, The Cloud Computing shares the following

basic characteristics as in the following paragraph.

Nowadays, companies of various sizes are widely distributed; each company needs to have

more advantages than the others, in order to be distinguished from the others by using a new

technology to improve its performance, such as Cloud Computing. Cloud Computing allows

the users to be able to get an access to their data through any device just by logging in to the

Internet. Furthermore, this new technical work doesn’t need to install any software to get the

job done, so it will save the company time, cost and win the customers satisfaction [2].

The atmosphere of the private companies are more flexible to change the company's trends

based on new technologies to create new business structure, and get new opportunities, but this

fact created a challenge that the authorities and the public companies feel that the new

technology is imposed on private companies.

The cloud service provides a flexible, low-cost way to access the IT resources, which will

be needed to support the diverse operations of businesses. If somebody chooses to work with

Cloud Computing, there will be no need to invest in advance in any equipment or spend time

on the technical complications of managing this equipment. In turn, you can select the right

Analysis and Management of Risk Related to Using Cloud Computing in Business: Employee’s

Perception


size, and type of IT Platform to support your online-based projects. You can access any

resources immediately, and should pay to the one usage only [2]. But at the same time, recently

the cloud is a hot topic of businesses, and many risks have been added. Information about

individuals and companies, for example placed in the cloud will make concern about the

security of the environment.

2. CLOUD COMPUTING CHARACTERISTIC

In this section we will explain the characteristics of the Cloud Computing, as the Cloud

Computing has five basic characteristics defined by special standards described by NIST, and

some others characteristics added by previous studies:

On-demand self-service: provides the convenience to the user, as the user can request one or

more services as needed, and payment, using a ‘‘pay-and-go’’ technology, without dealing with

people, just through the control panel via an internet [4]

Broad network access: Easily providing a service to the people, as an availability of services

and resources by different sellers, in different areas to everyone via sites based on Cloud

Computing. The terms ‘‘easy-to-access standardized mechanisms’’ and ‘‘global reach

capability’’, these terms are also referring to the same characteristic [10]

Resource pooling providing a set of recourses as a single common resource such as memory,

storage, and network dimensions. This means, the user doesn’t need to know where the custom

resources are located; this helps vendors to provide real or virtual resources in a dynamic way

[7]

Rapid elasticity: elasticity is basically another name for sociability. Elasticity is defined as the

ability to increase resources or reduce them according to the user's need. The user can request

resources needed at any time. This feature is very useful, the amazon has launched a name for

the most common service and used the Elastic Computer Cloud (EC2) [4]

Measured service: The measured service indicates that Cloud Computing has the ability to

control several different aspects of the cloud automatically, with several levels of resources for

both vendors and users whether controlled, monitored, and improved [4].

Multi-Tenacity: This feature refers to the need for policy based enforcement, retailing, isolation,

governance and service levels, and chargeback/billing models for different consumers [8].

Auditability and verifiability: indicate that the organizational commitment requires the

implementation of rules and regulations. It is important for services to prepare the clear records

and folders, the possibility of policy tracking to ensure that they are implemented correctly [10].

3. ARCHITECTURE OF CLOUD COMPUTING

The Cloud Computing allows user to be able to get an access to the data through any devices,

just he needs to get an access to the Internet, and however there is no need to install any

software. The Cloud Computing provides three types depended on service provided:

(infrastructure as a service, platform as a service and software as a service): [1].

Infrastructure-as-a-Service (IaaS) enables the saving of storage, hardware and other

components, these models reduce cost, because customers pay only for resources they really

use. This service provides the following Cloud-Computing provider: Default server (CPU,

RAM, and Storage) and OS. This service provides the companies with the ability to set up their

own information centers and use this service to install their applications. The company does not

need a programmer to run this service, but it needs a system administrator.

Platform-as-a-Service (PAAS) this model provides the integrated environment for web base

application (building, testing and running). It is a special environment service for the owners of

applications, to focus their applications on it through the Internet, and then provide special

services through the Internet for subscribers, this service requires those who work to be

specialized in programming, as the provider of the Cloud Computing provides the following



user: Default server (CPU, RAM, Storage), OS, Database system and Programmable tools

[15,13] Many services are offered in this way, for example, Netflix, where the company leased

PAAS from Amazon and implemented an application, which enables the subscriber to watch

the movie, or television show he wants, for a monthly subscription.

Software-as-a-Service (SAAS) this model is enables the application service for the user via the

Internet. It is a service providing applications which are ready to work through the Internet, or

private networks, and does not require an IT specialist, and we use on a daily basis, such as

Gmail and Facebook, add to this the services for business, such as Google Docs, Microsoft 365,

and Salesforce.com, and there are many Of applications which daily appear as it is one of the

most widely used layers in Cloud Computing for its features which allow users to use the web

browser as an interface over the Internet without the need to install the program in the local data

center, increase the speed, reduce the frontal costs, reduce or eliminate the risk of software’s

licensing, remove the incompatibility of the version, and application programming interfaces

(APIs), allow integration with different. [7].

Here we will discuss the cons and proms of the Clouding System, and how it might affect

the company performance:

3.1. Benefit of the Cloud Computing

Cloud Computing is very useful especially for small and medium sized businesses, because of

the availability of IT tools at affordable prices in comparison to the benefits they provide,

helping them become more productive without spending a lot of money on equipment, and

technical resources. Large companies are now moving towards the Cloud Computing for a

variety of reasons, including cost savings, remote access and information sharing, facilitating

real-time collaboration capabilities.

3.1.1 Improved Business Service

According to hashemi, et al., the Cloud Computing provide a better performance of the business

by increase the ability to access data by any person in the organization, from any location, at

any time [11].

3.1.2 Cost Reduction and Efficiency Increment

According to west [26], using the Cloud Computing will save cost by excluding investment in

data center, or any infrastructure, and reducing the human recourses and manpower

requirements for maintenance of the infrastructure or supporting it. According to Pekane [20],

the Cloud Computing is one of the services man can count on. Many programming companies

offer excellent customer service through the hiring of experts, making any disruption to the

Cloud Computing service easy to handle, and fix as quickly as possible, also the Cloud

Computing provides a server to save backups, software developers are trying to do everything

possible to access the top technology in this aspect. As a result, developers are running multiple

servers, which mean that there is no need to worry about downtime if a server happens to have

a sudden failure.

3.1.3 Flexibility of Work & Collaboration and Sharing of Information

According to Lanman, et al. [14] rescuers can be increased or reduced depending on workload

and access data from anywhere, by any devices (mobile, laptop, tablet and etc…) via Internet.

3.1.4 Save Time

According to Ali, [27] all services that will be provided via Cloud Computing do not need a

software to be installed, as well as the Cloud provider is responding nearly in a real time without

delay, and waiting to the service to be arrived. The Cloud Computing is available anywhere you

have an Internet connection, which mean that all images, and files of any kind stored on the

Cloud Computing can be accessed by the user since he is in a place where an Internet access is

available.


Perception


3.1.5 Enhanced Quality of Service

The Cloud Computing environment can guarantee an enhanced level of quality of services

offered to the users, such as hardware performance, e.g., I/O bandwidth, memory size and CPU

speed. Cloud Computing renders quality of service (QOS) by handling Service Level

Agreement (SLA) with clients [24].

As mentioned by Pekane [20], the Cloud Computing may not have a direct impact on

quality, but as the Cloud Computing enhances the time efficiency, the quality will be improved.

The time efficiency gives the members of the project team abundant time to check the items

in order to meet the required expectations, before deadlines are reached.

3.2 Risk of Cloud Computing

Cloud privacy and security issues are the most concerns in the Cloud Computing, because data

storage, sharing and being accessible by anyone in the organization, precisely, in public the

Cloud Computing as the data storage managed by the Cloud service provider, the most

important concern about privacy issues is the lack of the user control and unauthorized

secondary usage [19]while the most security issues concerns are access, control over data life

cycle and multi tenancy.

3.2.1 Data Location

In fact, the users of the Cloud Computing do not know where the data will be stored, where the

consumer loses physical access mechanisms used, and leads to the problem of information

privacy where the consumer fears that other peoples have access on their information, [22].

3.2.2 Investigative Support

The investigation of illegal or inappropriate activity may be almost impossible in cloud

computing, and is difficult to achieve, because The Cloud Computing supports data collection

with other data for other consumers and may be shared on-site and can also spread constantly

changing data across multiple data centers, The investigation is difficult,[22].

3.2.3 Data Segregation

As the Cloud providers are working to share resources in the Cloud environments in terms of

storage to reduce cost, but at the same time will lead to risk because the data from different

consumers will be shared in one environment [22]

3.2.4 Long-term Viability

Cloud service providers should ensure that in the event of any negative business situations such

as downtime, natural disaster or attack, customer should make sure that your private data

remains available after these attempts. Service providers must ensure that consumer data are

safe and always available, [22].

3.2.5 Recovery

Each Cloud provider must make sure, that there is a second place to store the consumer’s data,

where they want to be careful and provide backups in a data center for all consumers. In case

of any data loss or damage, the service provider will restore data from a second symmetry

center, [22].

3.2.6 Regulatory Compliance

Actually, the customers are responsible for the integrity of their data. They must ask the Cloud

service provider for external audits, and security certificates, as well as security guarantees

rather than guarantees are committed to the infrastructure. The presence of an external audit

service and security requirements increases consumer confidence. The lack of these services

reduces trust and indicates that the consumer can only use them for more trivial functions, [13].



3.2.7 Privileged User Access

The use of external institutions to deal with the sensitive data brings great risks with, as it is

necessary to transfer, access, publish and distinguish employees only to deal with. For this

purpose, the Cloud service providers must provide an accurate information to the consumer

about the hiring, supervising, and controls on their arrival to the information as well as Adopt

administrative rules to determine the specific access to cloud data, [13]. 4. Related Work of

Risk Management

Literature Review is the basis for any research work. In this Thesis, the current contents of

the Cloud Computing and the related risks are reviewed. To achieve a sufficiently broad scope

and to take into account all relevant points of view, a thorough analysis of the relevant literature

is a prerequisite.

Fitó and Guitart [12] presented a new model for the Cloud Computing security risk

assessment, which is Semi-quantitative BLO-driven, Cloud Risk Assessment (SEBCRA)

approach. This approach has four steps; the first step is Semi-quantitative BLO- oriented Cloud

Risk Assessment (SEBCRA), the second step is risk reporting, the third step is: risk treatment

and mitigation, and finally risk monitoring. The Cloud Computing has two types of providers:

Cloud service provider (CSP) and Infrastructure service provider (ISP). The Authors used the

Cloud CSP to apply the model of risk assessment, which showed the achievement of maximum

profit (91% of the price paid by clients) by transferring risks to a third-party Cloud

Infrastructure Providers.

The authors proposed the quantitative risk and impact assessment framework (QUIRC), this

method analyzes and assesses the risk and measures the impact of risk under six security criteria

for the Cloud Computing, [23].

Tanimoto, et al. [25] authors in this paper present a new method, this method is combination

between decision tree analysis by risk breakdown structure to find risk factor and risk matrix,

risk matrix is a classified risk in to four kinds, risk avoidance, risk mitigation, risk acceptance,

and risk transference to advance performance with low cost and time.

Furuncu and Sogukpinar [16] the author proposed the game theory to protect of risk when

use the Cloud Computing, this method compared the perfect user using the assets value, with

the risk that Could may cause to the assets of the cloud provider.

Djemame, et al. [17[ used a risk management to the Cloud Computing and evaluate service

provider through the service lifecycle presented by the Risk Assessment Modeling- IP Service

Operation. This model divided into many steps: risk inventory, vulnerability identification,

threat identification, data monitoring, event analysis, quantitative risk analysis and assessed risk

decision making. The author applied this model in two experiments. The First experiment is a

prototype evaluation to provide an end user through real time feedback across actual service

level. Which showed the high risk when there is a use of a resource from the VM's operating

system with in-boot up sequence and/ or from tomcat container, and the risk level will subside

if there is a use of establishes resources. The Second, functional evaluation, the objective is to

make sure that the impact of Cloud environment and risk limitation input for the output over

time with regard to IP service operation by the use of fabricated monitoring metrics.

Chang, et al. [18] The authors in this paper proposed organizational sustainability modeling

(OSM), which is a data analysis and processing system to be derived of capital asset pricing

model (CAPM) but advance to meet the specific needs of the Cloud Computing.

The proposed risk inform Cloud adoption framework based on understand, manage risk and

truest between service provider and companies by analysis the data from expert opinion using

Delphi technique [9].


Perception


4. METHODOLOGY STRUCTUR

This Thesis will use the security risk management framework for the Cloud Computing.

Especially, focus on an internal risk for the Cloud Computing. This mean, risk in the Cloud

Computing by view of employees responsible for manage Cloud Computing of private

company in Iraq, to achieve the best performance. As results, this company gains the customer

satisfaction at a low cost and time. This research will depend on the basic steps of the risk

analysis.

This approach has five phases:

1- Distribution the questioner to employees responsible for managing the Cloud Computing

and collecting the data required for the analysis.

2- Risk analysis phase, after the collection of all information, we use the risk level

estimation to understand the point of view of each trend that has a coefficient and an impact on

the Cloud Computing used in the company. [21]

RLEi= Li * li (1)

Li: probability of given risk. Ii: The impact of indicate.

3- Risk evaluation phase, in this phase we found what is the risk need to be treated and what

is not need to be treated based on interview with the manger of company to understand how

much impact on the company’s performance and probability of recurrence when we use the

Cloud Computing.

4- The risk treatment phase, in this phase find a suitable management case, which depends

on likelihood of occurrence of risk and impact of risk for companies by comparing the result

from evaluation phase and criteria risk matrix low risk: less than 5, medium risk: 5-15, and high

risk: 15-25.

Finally make the Best decision control for the risk level, by treatment measure: risk

acceptance, risk transfer, risk mitigation, and risk avoidance.

5- Risk review and monitor

5. DATA ANALYSIS

The aim of this section is to find what the risk, which needs to be treated, is, and what is not

needed to be treated, based on the interview with the mangers of the companies after data

analysis to understand how much impact on the company’s performance, and probability of

recurrence when they use the Cloud Computing. Then it comes to the finding of a suitable

management case depending on likelihood of occurrence of risk and impact of risk for

companies by comparing the result from evaluation phase and criteria risk matrix, finally

making the Best control decision for the risk level by the treatment measurement to find

conclusion. The results obtained from interviews with those responsible people for managing

the Cloud Computing are shown in tables (1 and 2).

Table 1 Likelihood of Occurrence for Risk

Risk

Likelihood

Of Occurrence (Mean)

Very low

1

woL

2

eoaMedoM

3

High

4

hMeh VreV

5

1-Data location 1 2 3 4 5

2-Investigative support 1 2 3 4 5



3-Data segregation 1 2 3 4 5

4-Long-term viability 1 2 3 4 5

5- Recovery 1 2 3 4 5

6-Regulatory compliance 1 2 3 4 5

7-Privileged user access 1 2 3 4 5

8-Lack of authentication

mechanisms 1 2 3 4 5

9-App server to the

database server is un

clear

1 2 3 4 5

10-Loss of local power 1 2 3 4 5

Table 2 The impact of risk

Risk

Impact

Of indicate (Mean)

Very low

1

woL

2

eoaMedoM

3

High

4

hMeh VreV

5

1-Data location 1 2 3 4 5

2-Investigative support 1 2 3 4 5

3-Data segregation 1 2 3 4 5

4-Long-term viability 1 2 3 4 5

5- Recovery 1 2 3 4 5

6-Regulatory compliance 1 2 3 4 5

7-Privileged user access 1 2 3 4 5

8-Lack of authentication

mechanisms 1 2 3 4 5

9-App server to the


clear

1 2 3 4 5

10-Loss of local power 1 2 3 4 5

After that we analyze all results, and find the mean for all risk’s occurrence and impact as

shown in previous two tables, more over we will make the treatment phase depending on the

Equation as shown in chapter three, section 3.2, to find the risk level and take the right decision

for controlling the risk by comparing the level of risk we have found with the criteria level of

risk. Table 3 shows the risk level.

Table 3 The level of risks.

Risk

Risk Level

(Li*li)

yeobdbrbroh

tcadmo

Very low

1

woL

2

eoaMedoM

3

High

4

e

hMeh

VreV

5

1-Data location Very Low 1


Perception


Risk

Risk Level

(Li*li)

yeobdbrbroh

tcadmo

Very low

1

woL

2

eoaMedoM

3

High

4

e

hMeh

VreV

5

woL 2

eoaMedoM 3 eoaMedoM

High 4

hMeh VreV 5

2-Investigative

support

Very low 1

woL 2

eoaMedoM 3

High 4 eoaMedoM

hMeh VreV 5

3-Data segregation

Very low 1

woL 2

eoaMedoM 3

High 4 hreV

hMeh VreV 5

4-Long-term viability

Very low 1

woL 2

eoaMedoM 3

High 4 hreV

hMeh hreV 5

5- Recovery

Very low 1

woL 2

eoaMedoM 3

High 4 hreV

hMeh VreV 5

6-Regulatory

compliance Very low 1



Risk

Risk Level

(Li*li)

yeobdbrbroh

tcadmo

Very low

1

woL

2

eoaMedoM

3

High

4

e

hMeh

VreV

5

woL 2

eoaMedoM 3 eoaMedoM

High 4

hMeh VreV 5

7-Privileged user

access

Very low 1

woL 2

eoaMedoM 3

High 4 hreV

hMeh VreV 5

8-Lack of

authentication

mechanisms

Very low 1

woL 2

eoaMedoM 3 woL

hreV 4

hMeh hreV 5

9-App server to the


clear

Very low 1

woL 2

eoaMedoM 3 woL

High 4

hMeh VreV 5

10-Loss of local

power

Very low 1

woL 2

eoaMedoM 3

High 4 woL

hMeh hreV 5

From table 3 we found the level of recovery, data segregation privilege user access, and

long- term viability for all between 15- 25, which mean that the level of risk is really high based

on the criteria level of risk and should be avoided, the level of data location, investigation

support,


Perception


Regulatory compliance for all between 5 and less than 15, which mean that the level of risk

is medium risk based on the criteria level of risks, the level of its lacks of authentication

mechanisms, App server to the database server is unclear and loss of local power are less than

5, that mean the level of risk is low risk based on the criteria level of risk. The following table

will illustrate the best decision to control the risk level compared with the risk level matrix.

Risk review and monitor, In the final step, the risks are monitored to ensure that everything

goes as desired, since you need to stay close to make sure that nothing had gone.

Table 4 The best decision control of risk

Risk Risk level

Li*li Best decision control

1-Data location Medium risk Transfer

2-Investigative support High risk Avoidance

3-Data segregation Medium risk Transfer

4-Long-term viability High risk Avoidance

5- Recovery High risk Avoidance

6-Regulatory compliance Medium risk Transfer

7-Privileged user access High risk Avoidance

8-Lack of authentication mechanisms Low risk Acceptance

9-App server to the database server is un

clear Low risk Acceptance

10-Loss of local power Low risk Acceptance

6. CONCLUSION AND FUTURE WORK

The objectives of this study are to identify the risks involved in the use of the Cloud Computing

in the companies from the point of view of employees in private the companies in Iraq, and

their impact on the performance of their companies and knowledge of the appropriate decision

to control risks compared to the matrix risk analysis. In this research we can conclude from the

results of the analyzed data collected. The impact of the data location, the regulatory

compliance, the lack of authentication mechanisms and the APP service to the database service

are unclear moderated. The investigation support, the data segregation, the privileged user

access; the long-term viability, the recovery, and the loss of local power have high impact of

risk. After we analyzed the risk, we managed the risk based on Matrix of risk; we found that

most of the risks can be transferred to a third party. If we have a high risk we should avoid, and

if we have low risk we should accept the risk.

For future work, it is possible to take a greater number of the risks in the Cloud Computing,

the internal risks of the companies by the view of the service providers and the customers

(Companies), study the relationship between the risks and their impact on both parties.

REFRENCES

[1] Jadeja Y.,Modi K. Cloud computing-concepts, architecture and challenges. In: Computing,

Electronics and Electrical Technologies (ICCEET), International Conference on. IEEE,

2012; p. 877-880.

[2] Nedev S. Exploring the factors influencing the adoption of Cloud computing and the

challenges faced by the business. Enquiry-The ACES Journal of Undergraduate Research,

2014; 5(1)



[3] Almorsy M, Grundy J, Müller I. An analysis of the cloud computing security problem.arXiv

preprint arXiv: 1609.01107, 2016.

[4] Mell P, Grance T. MELL, Peter; GRANCE, Tim. Effectively and securely using the cloud

computing paradigm. NIST, Information Technology Laboratory, 2009; 2(8): 304-311.

[5] Foster I, Zhao Y, Raicu I, Lu S. Cloud computing and grid computing 360-degree compared.

In: Grid Computing Environments Workshop, GCE'08. Ieee, 2008; p. 1-10

[6] Kleinrock L. A vision for the Internet. ST Journal of Research, 2005; 2(1): 4-5

[7] Mell P, Grance T. The NIST definition of cloud computing: Recommendations of the 33666

Instituteof Standards and Technology. Retrieved from

http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf (accessed on: December

18, 2011); 53(6):50.

[8] Espadas J, Molina A, Jiménez G, Molina M, Ramírez R, Concha D. A tenant-based resource

allocation model for scaling Software-as-a-Service applications over cloud computing

infrastructures. Future Generation Computer Systems, 2013; 29(1), 273-286

[9] Gupta S, Saxena K. B. C, Saini A. K. Towards Risk Managed Cloud Adoption: A Conceptual

Framework. In: Proceedings of the International Conference on Industrial Engineering and

Operations Management, Kuala Lumpur, Malaysia. 2016; p. 8-10.

[10] Hamdaqa, M, Tahvildari L. Cloud computing uncovered: a research landscape. In: Advances

in Computers. Elsevier, 2012. p. 41-85

[11] Hashemi S, Monfaredi K, Masdari M, Using cloud computing for e-government: challenges

and benefits. International Journal of Computer, Information, Systems and Control

Engineering, 2013;7(9), 596-603.

[12] Fitó J. O, GuitartFernández J. Introducing risk management into cloud computing. Computer

Architecture Department, Technical University of Catalonia, Tech. Rep. UPC-DAC-RR-

2010-33.

[13] Kaur P. J, Kaushal S. Security concerns in cloud computing. In: High Performance

Architecture and Grid Computing. Springer, Berlin, Heidelberg, 2011. p. 103-112

[14] Lanman J.T, Horvath S.D. Linos, P.K. Anticipated benefits of cloud computing adoption in

Australian regional municipal governments: an exploratory study. In: Proceedings of the

19th Pacific Asia Conference on Information Systems (PACIS). University of Southern

Queensland, 2015. p. 1-18

[15] Mather T, Kumaraswamy S, Latif S. Cloud security and privacy: an enterprise perspective

on risks and compliance. "(Theory in Practice) Sebastopol, CA, O'Reilly Media, Inc, 2009.

[16] Furuncu E, Sogukpinar I. Scalable risk assessment method for cloud computing using game

theory (CCRAM). Computer Standards & Interfaces, 2015; 38, pp 44-50.

[17] Djemame K, Armstrong D, Guitart J, Macias M. A risk assessment framework for cloud

computing. IEEE Transactions on Cloud Computing, 2016; 4(3), pp 265-278.

[18] Chang V, Walters R J, Wills G. B. Organizational sustainability modeling—An emerging

service and analytics model for evaluating Cloud Computing adoption with two case studies.

International Journal of Information Management,2016; 36(1), pp 167-179

[19] Pearson S, Benameur A. Privacy, security and trust issues arising from cloud computing. In\

Cloud Computing Technology and Science (CloudCom), IEEE Second International

Conference on 2010, November; IEEE, 2010, pp. 693-702

[20] Pekane A. Adoption of cloud computing to enhance project management processes and

outcomes in South Africa in the private sector Unpublished Doctoral Dissertation, Cape

Town University, Cape Town, South Africa, 2015.

[21] Alosaimi R, Alnuem, M. A Proposed Risk Management Framework for Cloud Computing

Environment. International Journal of Computer Science and Information Security, 2016;

14(8), 47.


Perception


[22] Sangroya A, Kumar S, Dhok J, Varma, V. Towards analyzing data security risks in cloud

computing environments.In International Conference on Information Systems, Technology

and Management, 2010, March; Springer, Berlin, Heidelberg, 2010, pp. 255-265

[23] Saripalli P, Walters B. Quirc: A quantitative impact and risk assessment framework for cloud

security. In Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on Ieee,

2010, July; pp. 280-288.

[24] Shawish A, Salama M. Cloud computing: paradigms and technologies. In Inter-cooperative

collective intelligence: Techniques and applications, Springer, Berlin, Heidelberg, 2014, pp.

39-67

[25] Tanimoto S, Hiramoto M, Iwashita M, Sato H, Kanai A. (.Risk management on the security

problem in cloud computing. In Computers, Networks, Systems and Industrial Engineering

(CNSI), 2011 First ACIS/JNU International Conference on 2011, IEEE, May; pp. 147-152.

[26] West F.10 Reasons Why Cloud Computing is the Wave of the Future for the Recruitment

Sector. Accessed on June 10, 2014, available at:

http://www.westtek.co.uk/Users/frmBlogDetail.aspx?id=2.

[27] Ali O, Soar J, McClymont H, Yong J, Biswas J.). Anticipated benefits of cloud computing

adoption in Australian regional municipal governments: an exploratory study. In

Proceedings of the 19th Pacific Asia Conference on Information Systems (PACIS)

University of Southern Queensland, 2015, pp. 1-18.

[28] Charanjeet Singh and Dr. Tripat Deep Singh, a 3-Level Multifactor Authentication Scheme

for Cloud Computing, International Journal of Computer Engineering and Technology,

10(1), 2019, pp. 184-195.

[29] Gangu Dharmaraju, J. Divya Lalitha Sri and P. Satya Sruthi, A Cloud Computing Resolution

in Medical Care Institutions for Patient’s Data Collection. International Journal of Computer

Engineering and Technology, 7(6), 2016, pp. 83–90.

[30] Dr. V. Goutham and M. Tejaswini, A Denial of Service Strategy to Orchestrate Stealthy

Attack Patterns In Cloud Computing, International Journal of Computer Engineering and

Technology, 7(3), 2016, pp. 179–186.

[31] Damodar Tiwari, Shailendra Singh and Sanjeev Sharma, A Prediction Based Multi- Phases

Live Migration Approach to Minimize the Number of Transferred Pages, in Cloud

Computing Environment, International Journal of Computer Engineering & Technology,

9(3), 2018, pp. 23–31.

[32] Kuldeep Mishra, Ravi Rai Chaudhary and Dheresh Soni, A Premeditated Cdm Algorithm in

Cloud Computing Environment For Fpm, International Journal of Computer Engineering

and Technology (IJCET), Volume 4, Issue 4, July-August (2013)

[33] Hamad Balhareth, Cloud Computing Strategy and Adoption in Higher Education: The Case

of Saudi Arabia. International Journal of Information Technology & Management

Information System 9(1), 2018, pp. 30–38.

analysis and management of risk related to...

Documents